Abstract
This paper reports on the development of Compositional Comp-Cert, the first verified separate compiler for C. Specifying and proving separate compilation for C is made challenging by the coincidence of: compiler optimizations, such as register spilling, that introduce compiler-managed (private) memory regions into function stack frames, and C's stack-allocated addressable local variables, which may leak portions of stack frames to other modules when their addresses are passed as arguments to external function calls. The CompCert compiler, as built/proved by Leroy et al. 2006-2014, has proofs of correctness for whole programs, but its simulation relations are too weak to specify or prove separately compiled modules. Our technical contributions that make Compositional CompCert possible include: language-independent linking, a new operational model of multilanguage linking that supports strong semantic contextual equivalences; and structured simulations, a refinement of Beringer et al.'s logical simulation relations that enables expressive module-local invariants on the state communicated between compilation units at runtime. All the results in the paper have been formalized in Coq and are available for download together with the Compositional CompCert compiler.
| Original language | English (US) |
|---|---|
| Pages (from-to) | 275-287 |
| Number of pages | 13 |
| Journal | ACM SIGPLAN Notices |
| Volume | 50 |
| Issue number | 1 |
| DOIs | |
| State | Published - Jan 2015 |
All Science Journal Classification (ASJC) codes
- Computer Science(all)
Keywords
- CompCert
- Compiler correctness